Market participants have raised questions concerning the application of the federal securities laws and the rules of the Financial Industry Regulatory Authority (FINRA) to the potential intermediation — including custody — of digital asset securities and transactions. In this statement, the staffs of the Division of Trading and Markets (Division) and FINRA (collectively, the Staffs) — drawing upon key principles from their historic approach to broker-dealer regulation and investor protection — have articulated various considerations relevant to many of these questions, particularly under the SEC’s Customer Protection Rule applicable to SEC-registered broker-dealers.

As a threshold matter, it should be recognized by market participants that the application of the federal securities laws, FINRA rules and other bodies of laws to digital assets, digital asset securities and related innovative technologies raise novel and complex regulatory and compliance questions and challenges. For example, and as discussed in more detail below, the ability of a broker-dealer to comply with aspects of the Customer Protection Rule is greatly facilitated by established laws and practices regarding the loss or theft of a security, that may not be available or effective in the case of certain digital assets.

Customer protection rule

Entities seeking to participate in the marketplace for digital asset securities must comply with the relevant securities laws. An entity that buys, sells, or otherwise transacts or is involved in effecting transactions in digital asset securities for customers or its own account is subject to the federal securities laws, and may be required to register with the SEC as a broker-dealer and become a member of and comply with the rules of a self-regulatory organization (SRO), which in most cases is FINRA. Importantly, if the entity is a broker-dealer, it must comply with broker-dealer financial responsibility rules, including, as applicable, custodial requirements under Rule 15c3-3 under the Securities Exchange Act of 1934 (the Exchange Act), which is known as the Customer Protection Rule.

Various unregistered entities that intend to engage in broker-dealer activities involving digital asset securities are seeking to register with the SEC and have submitted applications to FINRA. Additionally, various entities that are already registered broker-dealers and FINRA members are seeking to expand their businesses to include digital asset securities services and activities. Under FINRA rules, a firm is prohibited from materially changing its business operations (e.g., engaging in material digital asset securities activities for the first time) without FINRA’s prior approval.

The NMAs and CMAs currently before FINRA are diverse: Some of the NMAs and CMAs cover proposed business models that would not involve the broker-dealer engaging in custody of digital asset securities. On the other hand, some NMAs and CMAs include the custodying of digital asset securities, and therefore implicate the Customer Protection Rule, among other requirements.

Some of these entities have met with the Staffs to discuss how they propose to custody digital asset securities in order to comply with the broker-dealer financial responsibility rules. These discussions have been informative. The specific circumstances where a broker-dealer could custody digital asset securities in a manner that the Staffs believe would comply with the Customer Protection Rule remain under discussion, and the Staffs stand ready to continue to engage with entities pursuing this line of business.

Noncustodial broker-dealer models for digital asset securities

As noted, some entities contemplate engaging in broker-dealer activities involving digital asset securities that would not involve the broker-dealer engaging in custody functions. Generally speaking, noncustodial activities involving digital asset securities do not raise the same level of concern among the Staffs, provided that the relevant securities laws, SRO rules, and other legal and regulatory requirements are followed. The following are examples of some of the business activities of this type that have been presented or described to the Staffs.

One example is where the broker-dealer sends the trade-matching details (e.g., identity of the parties, price, and quantity) to the buyer and issuer of a digital asset security — similar to a traditional private placement — and the issuer settles the transaction bilaterally between the buyer and issuer, away from the broker-dealer. In this case, the broker-dealer instructs the customer to pay the issuer directly and instructs the issuer to issue the digital asset security to the customer directly (e.g., the customer’s digital wallet).

A second example is where a broker-dealer facilitates over-the counter secondary market transactions in digital asset securities without taking custody of or exercising control over the digital asset securities. In this example, the buyer and seller complete the transaction directly and, therefore, the securities do not pass through the broker-dealer facilitating the transaction.

Another example is where a secondary market transaction involves a broker-dealer introducing a buyer to a seller of digital asset securities through a trading platform where the trade is settled directly between the buyer and seller. For instance, a broker-dealer that operates an alternative trading system (ATS) could match buyers and sellers of digital asset securities and the trades would either be settled directly between the buyer and seller, or the buyer and seller would give instructions to their respective custodians to settle the transactions.

In either case, the ATS would not guarantee or otherwise have responsibility for settling the trades and would not at any time exercise any level of control over the digital asset securities being sold or the cash being used to make the purchase (e.g., the ATS would not place a temporary hold on the seller’s wallet or on the buyer’s cash to ensure the transaction is completed).

Considerations for broker-dealer custody of digital asset securities

Whether a security is paper or digital, the same fundamental elements of the broker-dealer financial responsibility rules apply. The Staffs acknowledge that market participants wishing to custody digital asset securities may find it challenging to comply with the broker-dealer financial responsibility rules without putting in place significant technological enhancements and solutions unique to digital asset securities. As the market, infrastructure, and law applicable to digital asset securities continue to develop, the Staffs will continue their constructive engagement with market participants and to gather additional information so that they may better respond to developments in the market10 while advancing the missions of our respective organizations: for the SEC, to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation; and for FINRA, to provide investor protection and promote market integrity.

Considerations for digital asset securities

There are many significant differences in the mechanics and risks associated with custodying traditional securities and digital asset securities. For instance, the manner in which digital asset securities are issued, held, and transferred may create greater risk that a broker-dealer maintaining custody of them could be victimized by fraud or theft, could lose a “private key” necessary to transfer a client’s digital asset securities, or could transfer a client’s digital asset securities to an unknown or unintended address without meaningful recourse to invalidate fraudulent transactions, recover or replace lost property, or correct errors. Consequently, a broker-dealer must consider how it can, in conformance with Rule 15c3-3, hold in possession or control digital asset securities.

In particular, a broker-dealer may face challenges in determining that it, or its third-party custodian, maintains custody of digital asset securities.16 If, for example, the broker-dealer holds a private key, it may be able to transfer such securities reflected on the blockchain or distributed ledger. However, the fact that a broker-dealer (or its third party custodian) maintains the private key may not be sufficient evidence by itself that the broker-dealer has exclusive control of the digital asset security (e.g., it may not be able to demonstrate that no other party has a copy of the private key and could transfer the digital asset security without the broker-dealer’s consent).17 In addition, the fact that the broker-dealer (or custodian) holds the private key may not be sufficient to allow it to reverse or cancel mistaken or unauthorized transactions. These risks could cause securities customers to suffer losses, with corresponding liabilities for the broker-dealer, imperiling the firm, its customers, and other creditors.

The nature of distributed ledger technology, as well as the characteristics associated with digital asset securities, may make it difficult for a broker-dealer to evidence the existence of digital asset securities for the purposes of the broker-dealer’s regulatory books, records, and financial statements, including supporting schedules. The broker-dealer’s difficulties in evidencing the existence of these digital asset securities may, in turn, create challenges for the broker-dealer’s independent auditor seeking to obtain sufficient appropriate audit evidence when testing management’s assertions in the financial statements during the annual broker-dealer audit.

In the case of a digital asset security that does not meet the definition of “security” under SIPA, and in the event of the failure of a carrying broker-dealer, SIPA protection likely would not apply and holders of those digital asset securities would have only unsecured general creditor claims against the broker-dealer’s estate.26 Further, uncertainty regarding when and whether a broker-dealer holds a digital asset security in its possession or control creates greater risk for customers that their securities will not be able to be returned in the event of a broker-dealer failure.27 The Staffs believe that such potential outcomes are likely to be inconsistent with the expectations of persons who would use a broker-dealer to custody their digital asset securities.

Control location applications

As a related matter, the Staffs have received inquiries from broker-dealers, including ATSs, wishing to utilize an issuer or transfer agent as a proposed “control location” for purposes of the possession or control requirements under the Customer Protection Rule. As described to the Staffs, this would involve uncertificated securities where the issuer or a transfer agent maintains a traditional single master security holder list, but also publishes as a courtesy the ownership record using distributed ledger technology. While the issuer or transfer agent may publish the distributed ledger, in these examples, the broker-dealers have asserted that the distributed ledger is not the authoritative record of share ownership. To the extent a broker-dealer contemplates an arrangement of this type, the Division will consider whether the issuer or the transfer agent can be considered a satisfactory control location pursuant to an application under paragraph (c)(7) of Rule 15c3-3.

Plagued by exchange hacks, fraud, lost keys and broken dreams, the nascent cryptocurrency market, which lost nearly $700 billion from its total market capitalization last year, is showing signs of a resurgence. With no regulated market infrastructure for cryptocurrencies, most institutional investors have avoided them, concerned about security, volatility and how to value the rapidly growing universe of digital coins and tokens.

The US Securities and Exchange Commission echoed those concerns when it rejected several applications for bitcoin exchange-traded funds (ETFs) in 2018, citing worries about market manipulation and investor protection. Nevertheless, a lot of institutional investors think cryptocurrencies have long-term potential and some big institutional investors are already testing the water.

Traditional identity management has typically involved the storing of user credentials (e.g., passwords) by organizations and third parties, which often results in concerns over interoperability, security, and privacy. However, a possible solution has emerged through the use of blockchain technology to create novel identity management approaches with built-in control and consent mechanisms. This can potentially transform data governance and ownership models by enabling users to control their data and share select personal information, while helping businesses streamline operations by relying on verified user information without having to maintain the infrastructure themselves.

This Draft NIST Cybersecurity White Paper provides an overview of the standards, building blocks, and system architectures that support emerging blockchain-based identity management systems and selective disclosure mechanisms. The document considers the full spectrum of top-down versus bottom-up governance models for both identifier and credential management and addresses some of the risks and security concerns that may arise. The terminology, concepts, properties, and architectures introduced in this work can facilitate understanding and communications amongst business owners, software developers, cybersecurity professionals within an organization, and individuals who are or will be using such systems.

In a statement, Ye Wangchun, the chairman and CEO of OneConnect, summarized three pain points of traditional manual operation on contracts management:

AI tech improves management efficiency and reduces operational risk

ALFA Smart Contract Cloud Platform upholds the advanced concepts of “standardization, labeling, smart, automated and streamlined”. Based on the seven major financial industry contract databases of bank, fund, security, trust, leasing, futures and insurance, the platform contains more than 1000 standard contract templates, and a label bookshelf consisting of more than 80,000 labels. In line with the end-to-end process construction, ALFA can be docked with six platforms to achieve 58 smart service outputs.

Using ABS as an example, the platform manages transaction assets up to 100 billion ($14.5bn) through eight intelligent functional applications of four business modules, namely “undertaking, auditing, sales and duration”.

Blockchain achieves asset tracking and avoids contract fraud risk

ALFA Smart Contract Cloud Platform uses the traceability and non-tampering characteristics of blockchain technology and incorporate the underlying elements of the contracted assets into the blockchain. With the help of cryptography technology, original zero-knowledge proof base and authorized encryption and decryption mechanisms, the platform achieves the registration and tracking of underlying assets, so that stakeholders can track the real assets on the blockchain timely and clearly.

ALFA applies advanced artificial intelligence technology that means it can locate the risk label in the contract through the intelligent identification engine after signing the contract. Based on the internal and external data, the platform will trigger the risk alert once the assets and institutional conditions change, so as to help institutional users quickly identify the risk and improve the level of compliance management.

Excerpts from remarks by Javier Calafell, deputy governor at Banco de Mexico, St. Louis symposium, July 9

An element that has been receiving increasing attention recently relates to the possibility of officially issuing electronic counterparts to (physical) cash, in what have generically been termed “Central Bank Digital Currencies” (CBDCs). Although still in a very early stage of development, and for the most part within an experimental framework, a few central banks have already taken material steps in this direction, exploring the potential viability of CBDCs with different attributes and characteristics.

Among the noteworthy cases are those of the e-Krona and the e-Peso pilot programs developed by the central banks of Sweden and Uruguay, respectively, as digital alternatives that would coexist with cash as legal tender in their corresponding jurisdictions. Further to the desire to learn about CBDCs and their implications at this stage, central bank interest in these instruments has been kindled by a combination of factors.

One of the most important, particularly among some advanced economies, is the protracted decline in the use of cash and the consequent need to adapt to this situation. In addition, the possibility that privately provided electronic means of payment take place in a context of poor competition, has in some cases stimulated central banks’ interest in CBDCs. Further to the above, a number of other possible advantages of CBDCs have been identified. The potential to enhance the safety of the payments system through a back-up given mounting operational risks in some segments, or its cost effectiveness, by saving on the distribution of cash, are included among them.

In other instances, particularly amongst emerging market and developing economies, CBDCs are seen as a means to ameliorate outstanding gaps in financial inclusion of important segments of their populations. Moreover, depending on their specific design, such as the level of transaction traceability (or, conversely, anonymity), CBDCs could also help counter the proliferation of illegal activities.

Notwithstanding the appeal that CBDCs may gather on the basis of these and other favorable attributes, important negative implications must be acknowledged as well. In general, these relate to the potential effects on the role that central banks play in a wide array of activities, some of them closely related to their core functions in the economy. In particular, the issuance of CBDCs could lead these institutions to operate directly in the intermediation of financial resources with the public.

Naturally, such abrupt deviations from the traditional role of central banks carry important risks. At the center of these concerns lie the potential implications for the private financial sector. First, should CBDCs become entrenched as a close substitute of, or a superior alternative to, commercial deposit accounts (which would very likely be the case if they are designed as account-based and interest-bearing), the amount of resources effectively intermediated by the private financial sector could be curtailed.

Adding to the contraction in the supply of loanable funds derived from retail depositors opting to hold CBDCs instead of bank accounts, loan demand could be affected too as a result of banks’ attempts to preserve margins by increasing their lending rates. Moreover, as banks face a drop in the relatively stable component of funding represented by retail deposits, regulatory requirements in place may force them to cut back on credit or hold a higher proportion of liquid assets, either of which would result in fewer resources available for lending.

Secondly, the stability of the financial system may face important challenges. These would derive partly from the riskier pool of debtors and investment projects that banks could be financing in scenarios of higher equilibrium rates as the one described above. Furthermore, in extreme cases, system-wide bank runs triggered by episodes of stress could be facilitated by the swift and frictionless convertibility of bank deposits into risk-free and liquid assets such as CBDCs.

Member Login

Stay up to date with the daily movements in the securities finance industry. The DataLend Daily Equity and Fixed Income Market Updates, provides key metrics to help you identify trends and day-over-day changes in the global lender-to-borrower securities finance market.Download today’s metrics here